working version with fixed link and GET for tracing purposes (#677)
* working version with fixed link and GET for tracing purposes * added integration test * filter on request log
This commit is contained in:
René Zubcevic
GitHub
@ -28,6 +28,11 @@
|
||||
<artifactId>commons-io</artifactId>
|
||||
<version>${commons-io.version}</version>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.apache.commons</groupId>
|
||||
<artifactId>commons-lang3</artifactId>
|
||||
<version>${commons-lang3.version}</version>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.springframework.boot</groupId>
|
||||
<artifactId>spring-boot-starter-security</artifactId>
|
||||
|
||||
@ -27,7 +27,12 @@ import com.fasterxml.jackson.databind.ObjectMapper;
|
||||
import lombok.AllArgsConstructor;
|
||||
import lombok.Getter;
|
||||
import lombok.extern.slf4j.Slf4j;
|
||||
|
||||
import org.apache.commons.lang3.StringUtils;
|
||||
import org.springframework.boot.actuate.trace.http.HttpTrace;
|
||||
import org.springframework.boot.actuate.trace.http.HttpTrace.Request;
|
||||
import org.springframework.security.core.context.SecurityContextHolder;
|
||||
import org.springframework.security.core.userdetails.UserDetails;
|
||||
import org.springframework.stereotype.Controller;
|
||||
import org.springframework.web.bind.annotation.GetMapping;
|
||||
import org.springframework.web.bind.annotation.RequestMapping;
|
||||
@ -65,12 +70,28 @@ public class Requests {
|
||||
@GetMapping
|
||||
public ModelAndView get() {
|
||||
ModelAndView m = new ModelAndView("requests");
|
||||
UserDetails user = (UserDetails) SecurityContextHolder.getContext().getAuthentication().getPrincipal();
|
||||
List<Tracert> traces = traceRepository.findAllTraces().stream()
|
||||
.filter(t -> allowedTrace(t, user))
|
||||
.map(t -> new Tracert(t.getTimestamp(), path(t), toJsonString(t))).collect(toList());
|
||||
m.addObject("traces", traces);
|
||||
|
||||
return m;
|
||||
}
|
||||
|
||||
private boolean allowedTrace(HttpTrace t, UserDetails user) {
|
||||
|
||||
Request req = t.getRequest();
|
||||
boolean allowed = true;
|
||||
/* do not show certain traces to other users in a classroom setup */
|
||||
if (req.getUri().getPath().contains("/files") && !req.getUri().getPath().contains(user.getUsername())) {
|
||||
allowed = false;
|
||||
} else if (req.getUri().getPath().contains("/landing") && req.getUri().getQuery()!=null && req.getUri().getQuery().contains("uniqueCode") && !req.getUri().getQuery().contains(StringUtils.reverse(user.getUsername()))) {
|
||||
allowed = false;
|
||||
}
|
||||
|
||||
return allowed;
|
||||
}
|
||||
|
||||
private String path(HttpTrace t) {
|
||||
return (String) t.getRequest().getUri().getPath();
|
||||
|
||||
@ -41,7 +41,7 @@ import java.util.List;
|
||||
public class WebWolfTraceRepository implements HttpTraceRepository {
|
||||
|
||||
private final EvictingQueue<HttpTrace> traces = EvictingQueue.create(10000);
|
||||
private List<String> exclusionList = Lists.newArrayList("/WebWolf/home", "/WebWolf/mail", "/WebWolf/files", "/images/", "/login", "/favicon.ico", "/js/", "/webjars/", "/WebWolf/requests", "/css/", "/mail");
|
||||
private List<String> exclusionList = Lists.newArrayList("/tmpdir", "/WebWolf/home", "/WebWolf/mail", "/WebWolf/files", "/images/", "/login", "/favicon.ico", "/js/", "/webjars/", "/WebWolf/requests", "/css/", "/mail");
|
||||
|
||||
@Override
|
||||
public List<HttpTrace> findAll() {
|
||||
|
||||
@ -18,9 +18,8 @@ logging.level.org.springframework.boot.devtools=WARN
|
||||
logging.level.org.owasp=DEBUG
|
||||
logging.level.org.owasp.webwolf=TRACE
|
||||
|
||||
endpoints.trace.sensitive=false
|
||||
management.trace.include=REQUEST_HEADERS,RESPONSE_HEADERS,COOKIES,ERRORS,TIME_TAKEN,PARAMETERS,QUERY_STRING
|
||||
endpoints.trace.enabled=true
|
||||
management.trace.http.include=REQUEST_HEADERS,RESPONSE_HEADERS,COOKIE_HEADERS,TIME_TAKEN
|
||||
management.endpoint.httptrace.enabled=true
|
||||
|
||||
spring.thymeleaf.cache=false
|
||||
|
||||
|
||||
Reference in New Issue
Block a user